To increase app security, we will remove the allow-top-navigation and allow-top-navigation-by-user-activation directives from iframes on June 1st, 2024.

These directives enable apps to redirect customers from their monday account to another website, which poses a security risk for many customers.

Here are good and bad examples of what’s currently allowed:

// Open link in a new tab - GOOD  
  window.open("<https://www.mozilla.org/">, "mozillaTab");

  // Open link in a new window - GOOD  
  window.open("<https://www.mozilla.org/",'name','height=300,width=650,screenX=400,screenY=350'>)

  // Redirect the user outside of monday - BAD  
  window.top.location.href = "<https://www.mozilla.org/">;

After deprecating these directives, any links utilizing this functionality won’t work but won’t impact app functionality. This update will only disablewindow.top.location.href (see example below):

window.top.location.href = "<https://www.mozilla.org/">;

If you need to direct customers to an external link from the app, you can still do so by opening it in a new tab using the SDK or the window.open method.

window.open("<https://www.mozilla.org/">, "mozillaTab");

To increase app security, we will remove the allow-top-navigation and allow-top-navigation-by-user-activation directives from iframes on June 1st, 2024.

These directives enable apps to redirect customers from their monday account to another website, which poses a security risk for many customers.

Here are good and bad examples of what’s currently allowed:

// Open link in a new tab - GOOD  
  window.open("<https://www.mozilla.org/">, "mozillaTab");

  // Open link in a new window - GOOD  
  window.open("<https://www.mozilla.org/",'name','height=300,width=650,screenX=400,screenY=350'>)

  // Redirect the user outside of monday - BAD  
  window.top.location.href = "<https://www.mozilla.org/">;

After deprecating these directives, any links utilizing this functionality won’t work but won’t impact app functionality. This update will only disablewindow.top.location.href (see example below):

window.top.location.href = "<https://www.mozilla.org/">;

If you need to direct customers to an external link from the app, you can still do so by opening it in a new tab using the SDK or the window.open method.

window.open("<https://www.mozilla.org/">, "mozillaTab");

Calling all monday code users - we have an exciting update for you!

We recently added the ability to create new HTTP error rate and latency response alerts, so you'll be notified when the specified thresholds are exceeded. When this occurs, an item will be made on the designated alert board. You can then integrate your alert board with external tools to receive notifications where you want!

You can create and manage these alerts through the Developer Center using the monday code General tab. Check out more info here!

We just released a variety of new app and sales analytics widgets to help you get a deeper understanding of your app's performance, sales, users, payments, and usage! You can read more about sales analytics here and app analytics here.

Marketplace apps - this one is for you!

We just released a self-service process to update your app's listing page in the brand-new Listing tab. There, you can manage and submit requests to update the content of the marketplace listing page.

You can easily track the status of each request, preview the changes, and version your requests all through the UI. With this new process, you can expect faster reviews from our team, more transparency, and the control to make updates as you wish.

Board permissions will now transfer to boards created from the templates in workspace template apps. Before this update, board permissions defined by a workspace owner would not transfer to boards created from the template.

This change will be automatically applied to all new app usage. It will not impact those who create the template or the app because they already have full permissions as owners. However, it can impact non-owners who may have restricted permissions if they were defined in the template. In these instances, the board owner can update the permissions for those who need access.

We just released the openAppRatingPopup SDK method that opens an app rating dialog to prompt users to rate your app. You can call this once in 24 hours and only on iframes of marketplace apps. It can't be called on a user who has already rated the app.

This method has no parameters.

monday.execute('openAppRatingPopup');

We recently added the selectedPlanId parameter to the openPlanSelection to specify which plan to open the page on. To use this parameter successfully, the isInPlanSelection parameter must also be true. You can read more about this SDK method here.

monday.execute('openPlanSelection', {isInPlanSelection: true, selectedPlanId: "123456"});

We just released a new security and compliance questionnaire that developers can complete to display security-related information on their app listing page. You can read more about it here!

In the next few weeks, we will stop supporting major and minor app versioning and only offer one app version.

This new version functions like a minor version and will automatically be pushed to users, but it allows you to do everything you previously could in major versions (e.g., changing scopes, deleting features, etc.).

The main changes include:

• App feature deprecation and un-deprecation
• User approval for updated permissions
• App view banners to communicate with users

This new versioning mechanism will be available for new apps starting January 31st, 2024. Existing apps will continue versioning with major and minor versions until February 11th, 2024, and at that point, they will be automatically migrated to the new versioning mechanism.

Existing app developers are not required to create a new version as part of this migration. All previous app version numbering will remain the same, but the next version you create will utilize sequential numbering.

You can read more about versioning here.